In the war against cyber crime, no one gets to avoid battle. That’s why it’s crucial that each of us is proactive in understanding the innovation and advancements being made on both sides of the cybersecurity arms race. To that end, today we introduced the 2017 SonicWall Annual Threat Report, offering clients, businesses, cybersecurity peers and industry media and analysts a detailed overview of the state of the cybersecurity landscape.

To map out the cybersecurity battlefield, we studied data gathered by the SonicWall Global Response Intelligence Defense (GRID) Threat Network throughout the year. Our findings supported what we already knew to be true – that 2016 was a highly innovative and successful year for both security teams and cyber criminals.

Security Industry Advances

Security teams claimed a solid share of victories in 2016. For the first time in years, our SonicWall GRID Threat Network detected a decline in the volume of unique malware samples and the number of malware attack attempts. Unique samples collected in 2016 fell to 60 million compared with 64 million in 2015, whereas total attack attempts dropped to 7.87 billion from 8.19 billion in 2015. This is a strong indication that many security industry initiatives are helping protect companies from malicious breaches. Below are some of the other areas where progress is clearly being made.

Decline of POS Malware Variants

Cybersecurity teams leveraged new technology and procedural improvements to gain important ground throughout the year. If you were one of the unlucky victims of the point-of-sale (POS) system attack crisis that shook the retail industry in 2014, you’ll be happy to learn that POS malware has waned enormously as a result of heightened security measures. The SonicWall GRID Threat Network saw the number of new POS malware variants decrease by 88 percent since 2015 and 93 percent since 2014. The primary difference between today’s security procedures and those that were common in 2014 is the addition of chip-and-PIN and chip-and-signature technology, particularly in the United States, which undoubtedly played a big role in the positive shift.

Growth of SSL/TLS-Encrypted Traffic

The SonicWall GRID Threat Network observed that 62 percent of web traffic was Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted in 2016, making consumers and businesses safer in terms of data privacy and integrity while on the web. This is a trend we expect to continue in 2017, based on Google’s announcement that it has a long-term plan to begin marking HTTP traffic in its Chrome browser as “not secure.” NSS Labs estimates that 75 percent of web interactions will be HTTPS by 2019.

Decline of Dominant Exploit Kits

We also saw the disappearance of major exploit kits Angler, Nuclear and Neutrino after cybersecurity investigations exposed the likely authors, leading to a series of arrests by local and international law enforcement agencies. The SonicWall GRID Threat Network observed some smaller exploit kits trying to rise to fill the void. By the third quarter of 2016, runner-up Rig had evolved into three versions employing a variety of obfuscation techniques. The blow that dominant exploit kit families experienced earlier in 2016 is a significant win for the security industry.

Cyber Criminal Advances

As with any arms race, advances made by the good guys are often offset by advances made by the bad guys. This is why it’s critical for companies to not become complacent and remain alert to new threats and learn how to counterattack. Below are some of the areas where cyber criminals showed their ability to innovate and exploit new ways to launch attacks.

Explosive Growth in Ransomware

Perhaps the area where cyber criminals advanced the most was in the deployment of ransomware. According to the SonicWall GRID Threat Network, ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016. The reason for this increase was likely a perfect storm of factors, including the rise of ransomware-as-a-service (RaaS) and mainstream access to Bitcoin. Another reason might simply be that as cybersecurity teams made it difficult for cyber criminals to make money in other ways, they had to look for a new paycheck.

Exploited Vulnerabilities in SSL/TLS Encryption

While the growth of SSL/TLS encryption is overall a positive trend, we can’t forget that it also offers criminals a prime way to sneak malware through company firewalls, a vulnerability that was exploited 72 percent more often in 2016 than in 2015, according to NSS Labs. The reason this security measure can become an attack vector is that most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside of SSL/TLS-encrypted web sessions. Companies must protect their networks against this hidden threat by upgrading to next-generation firewalls (NGFWs) that can inspect SSL/TLS traffic without creating performance issues.

IoT Became a New Threat Network

Many people who enjoy using Reddit, Netflix, Twitter or Spotify experienced another of our top threat trends firsthand. In October 2016, cyber criminals turned a massive number of compromised IoT devices into a botnet called Mirai that they then leveraged to mount multiple record-setting distributed denial-of-service (DDoS) attacks. The SonicWall GRID Threat Network found that at the height of the Mirai botnet usage in November 2016, the United States was by far the most targeted, with 70 percent of DDoS attacks aimed at the region, followed by Brazil (14 percent) and India (10 percent). The root cause leading to the Mirai attacks was unquestionably the lax security standards rampant in IoT device manufacturing today. Specifically, these devices do not prompt their owners to change their passwords, which makes them uncommonly vulnerable.

Combatting the New Cyber Threats

It’s worth noting that the technology already exists today to solve many of the new challenges cyber criminals threw at victims in 2016. SSL/TLS traffic can be inspected for encrypted malware by NGFWs with high-performance SSL/TLS DPI capabilities. For any type of new advanced threat like ransomware, it’s important to understand that traditional sandboxing solutions will only detect potential threats, but not prevent them. In order to prevent potential breaches, any network sandbox should hold traffic until it reaches a verdict, rather than passing potential malware through to its intended target while analysis is still under way. SonicWall’s family of NGFWs with SSL/TLS DPI inspection coupled with the SonicWall Capture multi-engine cloud sandbox service is one approach to provide real-time breach prevention for new threats that emerge in the cybersecurity arms race.
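To make the detect-versus-prevent distinction concrete, here is an added illustration (not SonicWall’s Capture code, and not from the original post) of a gateway that either delivers files immediately and alerts afterwards, or holds each file until a sandbox verdict arrives. The sandbox engine, the sample payloads and the gateway class are all constructed stand-ins; a “fail closed” flag decides what happens when the engine returns no verdict.

```python
import hashlib

# Constructed sample payloads with the verdict a real engine would be expected to reach.
# The "sandbox" below just looks them up; it is a stand-in, not an analyser.
SAMPLE_VERDICTS = {
    b"MZ\x90\x00 constructed dropper": "malicious",
    b"%PDF-1.4 constructed quarterly report": "benign",
}

def sandbox_verdict(payload: bytes) -> str:
    """Stand-in sandbox: returns 'malicious', 'benign' or 'unknown' (no verdict)."""
    return SAMPLE_VERDICTS.get(payload, "unknown")

class Gateway:
    def __init__(self, block_until_verdict: bool, fail_closed: bool = True):
        self.block_until_verdict = block_until_verdict
        self.fail_closed = fail_closed      # what to do when the engine returns 'unknown'
        self.verdict_cache = {}             # sha256 -> verdict, so a known file is not resubmitted
        self.submissions = 0                # how many times the sandbox was actually consulted
        self.delivered, self.dropped, self.alerts = [], [], []

    def handle(self, payload: bytes) -> str:
        digest = hashlib.sha256(payload).hexdigest()
        if digest not in self.verdict_cache:
            self.submissions += 1
            self.verdict_cache[digest] = sandbox_verdict(payload)
        verdict = self.verdict_cache[digest]

        if not self.block_until_verdict:
            # Detect-only mode: the file is forwarded regardless; the verdict can only raise an alert,
            # by which time a malicious file has already reached the destination host.
            self.delivered.append(digest)
            if verdict == "malicious":
                self.alerts.append(digest)
            return "delivered"

        # Hold-until-verdict mode: nothing is forwarded until the engine has answered.
        if verdict == "benign":
            self.delivered.append(digest)
            return "delivered"
        if verdict == "malicious" or self.fail_closed:
            self.dropped.append(digest)     # no verdict + fail closed also blocks
            return "dropped"
        self.delivered.append(digest)       # fail open: an unanswered file still gets through
        return "delivered"
```

Comparing the `delivered` lists of a detect-only gateway and a holding gateway on the same inputs shows the gap the paragraph describes: an alert after delivery is not prevention.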

If you’re reading this blog, you’re already taking an important first step toward prevention, as knowledge has always been one of the greatest weapons in the cybersecurity arms race. Take that knowledge and share it by training every team member in your organization on security best practices for email and online usage. Implement the technology you need to protect your network. And most importantly, stay up-to-date on the latest threats and cybersecurity innovations shaping the landscape. If you know where your enemy has been, you have a much better shot at guessing where he’s going.

Bill Conner is among the most experienced security, data and infrastructure executives worldwide, with a career spanning over 30 years across numerous high-tech industries. A corporate turn-around expert, today he is the President and CEO of SonicWall, one of the world’s most trusted network security companies, acquired as a carve-out from Dell by Francisco Partners and Elliott Management in November of 2016. SonicWall next-generation firewalls and network security solutions protect more than 1 million networks worldwide, for more than 500,000 organizations in more than 150 countries. In less than one year under Conner’s leadership, SonicWall surpassed the ambitious financial and operational metrics set across the business, delivering record partner registrations (over 15,000 partners / 4,000 net new), strong pipeline growth (over $250M in new partner deal registrations), key service improvements (80% reduction in wait times), the release of a new global marketing campaign, and record new product releases.

Conner has been the vanguard of four of the Digital Information Age’s most transformational technology shifts. From leading key divisions of AT&T, to taking Nortel into data with the $9 billion acquisition of Bay Networks, to his work securing digital identities with Entrust, to bringing secure communications and privacy from the consumer to the enterprise through mobile and cloud with Silent Circle, Conner has built a strong track record. He’s re-engineered product lines, built world-class service organizations, re-aligned global sales organizations, and created industry-leading marketing campaigns. After he was appointed President and CEO of Silent Circle, Conner quickly re-positioned the consumer privacy company into a mobile Enterprise Privacy Platform (EPP) focused business. This included creating the marketing category, re-engineering the products and the global cloud delivery, and re-building the sales, service and marketing functions. As Entrust’s President and CEO, Conner quickly re-engineered the technology-led company to be customer and market-driven, creating a best-in-class company. Upon taking Entrust private in 2009 with the private equity firm Thoma Bravo, he reset corporate priorities to take advantage of new market dynamics such as SaaS and mobility. This enabled Conner to successfully navigate the company toward nearly a 100% subscription-based revenue model, while delivering organic growth rates in excess of two times the market rate. Contributing to the strong growth were record customer renewal rates exceeding 98%. In 2013, Entrust was purchased for a record 6.5 times the 2009 investment.

Conner is a staunch supporter of public-private partnerships on cybersecurity, and is regularly called on to share his expertise with global leaders at major financial institutions, enterprises and governments. He also created and hosted “Hacked” for SiriusXM’s business radio. He has been recognized with several awards including: Marketing Computers “Marketer of the Year”, Tech Titans “Corporate CEO of the Year”, Federal Computer’s “Top 100 Award”, and the “National Youth Science Camp Alumnus of the Year.”

Conner graduated from Princeton University with a bachelor’s degree in mechanical engineering and earned a master’s degree in business administration from the Wharton School of the University of Pennsylvania.